Versions Compared

Old Version 1

changes.mady.by.user willem jiang

Saved on

compared with

New Version 2

changes.mady.by.user willem jiang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: CAMEL-2793 update the wiki doc of camel-spring-security

...

camel-spring-security component can take the authentication token which is set by Spring Security or other security framework, and check authentication token with the access information which is configured by SpringSecurityAuthorizationPolicy.
SpringSecurityAuthorizationPolicy will check the message header with "CamelAuthentication" and turned the security subject into the spring authentication token, you can specify your customer authenticationAdapter by configure this policy. If there is no security subject in the message header, and the policy's attribute "useThreadSecurityContext" is true, the policy will use SecurityContextHolder.getContext().getAuthentication() to get the authentication token.
If the authentication token is authorized, the camel exchange will be passed to the next processor, otherwise CamelAuthorizationException will be thrown with the exchange.

...

Attribut

Type

Description

id

String

The bean id which is common used for the bean which is managed by Spring

access

String

The access policy that you want to use authorization

authenticationManager

String

The id of the authentication manager which is used for reauthentication within the SpringSecurityAuthorizationPolicy. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "authenticationManager"

accessDecisionManager

String

The id of the access decision manager which is used for checking the access attribute with authentication token. If you don't specify it, SpringSecurityAuthorizationPolicy will set it value with "accessDecisionManager"

authenticationAdapter

String

New to Camel 2.4, The id of AuthenticationAdapter that SpringSecurityAuthorizationPolicy uses to turn a security subject into Spring authentication token

useThreadSecurityContext

String boolean

SpringSecurityAuthorizationPolicy will try to get the authentication token from exchangemessage header with the key "CamelAuthentication", if it can't get it and the this attribute is true, it will try to get authentication from SecurityContextHolder (the thread local context). The default value of this attribute is true.

alwaysReauthenticate

String boolean

If this attribute is true, SpringSecurityAuthorizationPolicy will aways reauthenticate the authentication token. The default value of this attribute is false.

...